Last updated: 2026-07-05
This Privacy Policy explains how UtterIDE handles data.
UtterIDE is currently a beta product. This policy may be updated as the product evolves, especially if paid plans, telemetry, cloud services, or additional integrations are introduced.
This document is not legal advice. Organizations using UtterIDE with personal data, confidential data, customer data, production systems, or regulated environments should review their own legal, security, and compliance requirements.
UtterIDE is designed as a local-first Visual Studio Code extension.
UtterIDE does not require an UtterIDE account.
UtterIDE does not operate a central backend server for storing your code, prompts, project files, database credentials, chat history, memory files, run logs, or API keys.
Most UtterIDE data is stored locally on your machine or inside your project workspace.
However, when you choose to use a cloud LLM provider such as DeepSeek, Anthropic, OpenAI, Google, OpenRouter, Ollama Cloud, or another supported provider, selected prompts, code context, file contents, database query results, logs, or other workspace information may be sent directly from your machine to that provider.
UtterIDE uses a Bring Your Own Key model. You are responsible for the API keys and providers you choose to use.
UtterIDE currently does not collect, transmit, or store the following on an UtterIDE-owned backend server:
UtterIDE currently has no central user account system and no central cloud storage for user projects.
UtterIDE may store data locally on your machine or inside your workspace.
Examples may include:
.utteride/memory.json.utteride/architecture.json.utteride/pii_rules.json.utteride/project-context.md.utteride/instructions.md.utteride/runs/These files may contain sensitive project information.
You are responsible for protecting these files.
You should decide whether to:
.gitignoreRecommended default:
.utteride/runs/
.utteride/*.local.json
.utteride/secrets*
Depending on your project, you may also want to exclude all .utteride/ files from Git.
UtterIDE uses a Bring Your Own Key model.
You may connect your own API keys for providers such as:
UtterIDE is designed to store API keys using Visual Studio Code’s secure secret storage where supported.
API keys should not be stored in plain text files.
UtterIDE should not intentionally store API keys in:
settings.jsonYou are responsible for:
UtterIDE may send selected data directly from your machine to your chosen LLM provider.
Examples of data that may be sent include:
UtterIDE does not control how third-party providers process, store, secure, retain, or use data sent to them.
Your use of each provider is governed by that provider’s own terms, privacy policy, data processing terms, retention policy, and security practices.
UtterIDE is not affiliated with DeepSeek, Anthropic, OpenAI, Google, Microsoft, OpenRouter, Ollama, or other providers unless explicitly stated.
Before using a provider, you should review that provider’s terms and privacy policy.
UtterIDE may support both cloud and local runtimes.
When using a cloud provider, selected context is sent to that provider.
Examples:
When using a local runtime, model execution may happen on your machine.
Examples:
Local runtime can reduce cloud data transfer, but local runtime does not automatically mean that all risk is removed. Local logs, local files, plugins, extensions, malware, backups, Git repositories, or system-level tools may still expose data if misconfigured.
UtterIDE should clearly display whether the active provider is local or cloud where possible.
UtterIDE may include local masking features designed to reduce the risk of sending sensitive information to cloud LLM providers.
For example, database query results may be intercepted before being sent to an LLM provider and masked according to rules in:
.utteride/pii_rules.json
Potentially sensitive fields may include:
Masking may replace values with placeholders such as:
***MASKED***
PII masking is a safety feature, not a guarantee.
UtterIDE may fail to detect sensitive data.
Rules may be incomplete.
Column names may be misleading.
Sensitive data may appear in unexpected fields, logs, comments, stack traces, filenames, database rows, JSON blobs, free text, or generated content.
You are responsible for reviewing what data may be sent to third-party providers and for ensuring that your use complies with applicable law, contracts, policies, and confidentiality obligations.
UtterIDE may support connecting to databases such as PostgreSQL or PostGIS.
Database credentials should be stored locally using secure storage where supported.
UtterIDE may be able to:
EXPLAINDatabase actions can expose or modify sensitive data.
You are responsible for:
Recommended practice:
UtterIDE may support executing terminal commands.
Commands run with the permissions of the user account and VS Code session where UtterIDE is running.
UtterIDE does not have more operating system permissions than the user/session grants it, but those permissions may still be powerful enough to modify or delete files, install packages, change Git repositories, or affect local systems.
Terminal output may contain sensitive data.
If terminal output is sent to a cloud LLM provider, it may be processed by that provider.
You are responsible for reviewing terminal commands and outputs before allowing them to be used or transmitted.
UtterIDE may support Git actions such as:
git statusgit diffGit actions can expose or publish code and sensitive information.
You are responsible for reviewing:
Before committing or pushing, ensure that secrets, database credentials, personal data, tokens, logs, and local .utteride/ files are not accidentally included.
UtterIDE may create local run logs or run ledger files.
These may record:
Run ledger files are intended to help users understand what happened during an agent run.
Run ledger files may contain sensitive information.
You are responsible for protecting, deleting, excluding, or sharing these files appropriately.
UtterIDE may show estimated or exact usage costs for third-party LLM providers.
Cost information may include:
UtterIDE does not control third-party provider billing.
You are responsible for monitoring your own provider accounts, balances, invoices, usage limits, and API costs.
UtterIDE cost estimates may be inaccurate.
The current intended model is no central UtterIDE backend and no required user account.
If telemetry, analytics, crash reporting, usage metrics, licensing checks, cloud sync, or paid account features are introduced in the future, this Privacy Policy should be updated before those features are enabled.
If telemetry is added, it should be:
UtterIDE may be free during beta.
Future versions may introduce:
Third-party LLM costs are separate from any UtterIDE subscription unless explicitly stated.
Users remain responsible for any charges from their chosen providers.
UtterIDE is intended for developers and technical users.
It is not intended for children.
Do not use UtterIDE to process children’s personal data unless you are authorized to do so and have reviewed applicable legal requirements.
UtterIDE is designed to reduce certain risks through local storage, secure secret storage, review-first workflows, PII masking, and local run logs.
However, no software can guarantee complete security.
Risks may include:
You should use standard security practices, including:
.gitignoreBy using UtterIDE, you are responsible for:
.utteride/ filesIf an official support email, website, company name, or contact method is later created for UtterIDE, it should be added here.
Until then, this Privacy Policy is a beta draft and should be reviewed before public release.
This policy may be updated over time.
Changes may be required as UtterIDE evolves, especially if the product adds:
Users should review the latest version before using UtterIDE with sensitive, confidential, regulated, or production data.